[Congressional Record: April 13, 2000 (Senate)]
[Page S2729-S2771]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]
[DOCID:cr13ap00pt2-155]
STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS
[Excerpt]
By Mr. LEAHY:
S. 2430. A bill to combat computer hacking through enhanced law
enforcement and to protect the privacy and constitutional rights of
Americans, and for other purposes; to the Committee on the Judiciary.
Internet Security Act of 2000
Mr. LEAHY. Mr. President, as we head into the twenty-first century,
computer-related crime is one of the greatest challenges facing law
enforcement. Many of our critical infrastructures and our government
depend upon the reliability and security of complex computer systems.
We need to make sure that these essential systems are protected from
all forms of attack. The legislation I am introducing today will help
law enforcement investigate and prosecute those who jeopardize the
integrity of our computer systems and the Internet.
Whether we work in the private sector or in government, we negotiate
daily through a variety of security checkpoints designed to protect
ourselves from being victimized by crime or targeted by terrorists. For
instance, congressional buildings like this one use cement pillars
placed at entrances, photo identification cards, metal detectors, x-ray
scanners, and security guards to protect the physical space. These
security steps and others have become ubiquitous in the private sector
as well.
Yet all these physical barriers can be circumvented using the wires
that run into every building to support the computers and computer
networks that are the mainstay of how we communicate and do business.
This plain fact was amply demonstrated by the recent hacker attacks on
E-Trade, ZDNet, Datek, Yahoo, eBay, Amazon.com and other Internet
sites. These attacks raise serious questions about Internet security--
questions that we need to answer to ensure the long-term stability of
electronic commerce. More importantly, a well-focused and more malign
cyber-attack on computer networks that support telecommunications,
transportation, water supply, banking, electrical power and other
critical infrastructure systems could wreak havoc on our national
economy or even jeopardize our national defense. We have learned that
even law enforcement is not immune. Just recently we learned of a
denial of service attack successfully perpetrated against a FBI web
site, shutting down that site for several hours.
The cybercrime problem is growing. The reports of the CERT
Coordination Center (formerly called the ``Computer Emergency Response
Team''), which was established in 1988 to help the Internet community
detect and resolve computer security incidents, provide chilling
statistics on the vulnerabilities of the Internet and the scope of the
problem. Over the last decade, the number of reported computer security
incidents grew from 6 in 1988 to more than 8,000 in 1999. But that
alone does not reveal the scope of the problem. According to CERT's
most recent annual report, more than four million computer hosts were
affected by the computer security incidents in 1999 alone by damaging
computer viruses, with names like ``Melissa,'' ``Chernobyl,''
``ExploreZip,'' and by the other ways that remote intruders have found
to exploit system vulnerabilities. Even before the recent headline-
grabbing ``denial-of-service'' attacks, CERT documented that such
incidents ``grew at rate around 50% per year'' which was ``greater than
the rate of growth of Internet hosts.''
CERT has tracked recent trends in severe hacking incidents on the
Internet and made the following observations, First, hacking techniques
are getting more sophisticated. That means law enforcement is going to
have to get smarter too, and we need to give them the resources to do
this. Second, hackers have ``become increasingly difficult to locate
and identify.'' These criminals are operating in many different
locations and are using techniques that allow them to operate in
``nearly total obscurity.''
We have been aware of the vulnerabilities to terrorist attacks of our
computer networks for more than a decade. It became clear to me, when I
chaired a series of hearings in 1988 and 1989 by the Subcommittee on
Technology and the Law in the Senate Judiciary Committee on the subject
of high-tech terrorism and the threat of computer viruses, that merely
``hardening'' our physical space from potential attack would only
prompt committed criminals and terrorists to switch tactics and use new
technologies to reach vulnerable softer targets, such as our computer
systems and other critical infrastructures. The government has a
responsibility to work with those in the private sector to assess those
vulnerabilities and defend them. That means making sure our law
enforcement agencies have the tools they need, but also that the
government does not stand in the way of smart technical solutions to
defend our computer systems.
Targeting cybercrime with up-to-date criminal laws and tougher law
enforcement is only part of the solution. While criminal penalties may
deter some computer criminals, these laws usually come into play too
late, after the crime has been committed and the injury inflicted. We
should keep in mind the adage that the best defense is a good offense.
Americans and American firms must be encouraged to take preventive
measures to protect their computer information and systems. Just
recently, internet providers and companies such as Yahoo! and
Amazon.com Inc., and computer hardware companies such a Cisco Systems
Inc., proved successful at stemming attacks within hours thereby
limiting losses.
That is why, for years, I have advocated and sponsored legislation to
encourage the widespread use of strong encryption. Encryption is an
important tool in our arsenal to protect the security of our computer
information and networks. The Administration made enormous progress
earlier this year when it issued new regulations relaxing export
controls on strong encryption. Of course, encryption technology cannot
be the sole source of protection for our critical computer networks and
computer-based infrastructure, but we need to make sure the government
is encouraging--and not restraining--the use of strong encryption and
other technical solutions to protecting our computer systems.
Congress has responded again and again to help our law enforcement
agencies keep up with the challenges of new crimes being executed over
computer networks. In 1984, we passed the Computer Fraud and Abuse Act,
and its amendments, to criminalize conduct when carried out by means
of unauthorized access to a computer. In 1986, we passed the Electronic
Communications Privacy Act (ECPA), which I was proud to sponsor, to
criminalize tampering with electronic mail systems and remote data
processing systems and to protect the privacy of computer users. In the
104th Congress, Senators Kyl, Grassley, and I worked together to enact
the National Information Infrastructure Protection Act to increase
protection under federal criminal law for both government and private
computers, and to address an emerging problem of computer-age blackmail
in which a criminal threatens to harm or shut down a computer system
unless their extortion demands are met.
[[Page S2739]]
In this Congress, I have introduced a bill with Senator DeWine, the
Computer Crime Enforcement Act, S. 1314, to set up a $25 million grant
program within the U.S. Department of Justice for states to tap for
improved education, training, enforcement and prosecution of computer
crimes. All 50 states have now enacted tough computer crime control
laws. These state laws establish a firm groundwork for electronic
commerce and Internet security. Unfortunately, too many state and local
law enforcement agencies are struggling to afford the high cost of
training and equipment necessary for effective enforcement of their
state computer crime statutes. Our legislation, the Computer Crime
Enforcement Act, would help state and local law enforcement join the
fight to combat the worsening threats we face from computer crime.
Computer crime is a problem nationwide and in Vermont. I recently
released a survey on computer crime in Vermont. My office surveyed 54
law enforcement agencies in Vermont--43 police departments and 11
State's attorney offices--on their experience investigating and
prosecuting computer crimes. The survey found that more than half of
these Vermont law enforcement agencies encounter computer crime, with
many police departments and state's attorney offices handling 2 to 5
computer crimes per month.
Despite this documented need, far too many law enforcement agencies
in Vermont cannot afford the cost of policing against computer crimes.
Indeed, my survey found that 98% of the responding Vermont law
enforcement agencies do not have funds dedicated for use in computer
crime enforcement.
My survey also found that few law enforcement officers in Vermont are
properly trained in investigating computer crimes and analyzing cyber-
evidence. According to my survey, 83% of responding law enforcement
agencies in Vermont do not employ officers properly trained in computer
crime investigative techniques. Moreover, my survey found that 52% of
the law enforcement agencies that handle one or more computer crimes
per month cited their lack of training as a problem encountered during
investigations. Proper training is critical to ensuring success in the
fight against computer crime.
This bill will help our computer crime laws up to date as an
important backstop and deterrent. I believe that our current computer
crime laws can be enhanced and that the time to act is now. We should
pass legislation designed to improve our law enforcement efforts while
at the same time protecting the privacy rights of American citizens.
The bill I offer today will make it more efficient for law
enforcement to use tools that are already available--such as pen
registers and trap and trace devices--to track down computer criminals
expeditiously. It will ensure that law enforcement can investigate and
prosecute hacker attacks even when perpetrators use foreign-based
computers to facilitate their crimes. It will implement criminal
forfeiture provisions to ensure that cybercriminals are forced to
relinquish the tools of their trade upon conviction. It will also close
a current loophole in our wiretap laws that prevents a law enforcement
officer from monitoring an innocent-host computer with the consent of
the computer's owner and without a wiretap order to track down the
source of denial-of-service attacks. Finally, this legislation will
assist state and local police departments in their parallel efforts to
combat cybercrime, in recognition of the fact that this fight is not
just at the federal level.
The key provisions of the bill are:
Jurisdictional and Definitional Changes to the Computer Fraud and
Abuse Act: The Computer Fraud and Abuse Act, 18 U.S.C. Sec. 1030, is
the primary federal criminal statute prohibiting computer frauds and
hacking. This bill would amend the statute to clarify the appropriate
scope of federal jurisdiction. First, the bill adds a broad definition
of ``loss'' to the definitional section. Calculation of loss is
important both in determining whether the $5,000 jurisdictional hurdle
in the statute is met, and, at sentencing, in calculating the
appropriate guideline range and restitution amount.
Second, the bill amends the definition of ``protected computer,'' to
expressly include qualified computers even when they are physically
located outside of the United States. This clarification will preserve
the ability of the United States to assist in international hacking
cases. A ``Sense of Congress'' provision specifies that federal
jurisdiction is justified by the ``interconnected and interdependent
nature of computers used in interstate or foreign commerce.''
Finally, the bill expands the jurisdiction of the United States
Secret Service to encompass investigations of all violations of 18
U.S.C. Sec. 1030. Prior to the 1996 amendments to the Computer Fraud
and Abuse Act, the Secret Service was authorized to investigate any and
all violations of section 1030, pursuant to an agreement between the
Secretary of Treasury and the Attorney General. The 1996 amendments,
however, concentrated Secret Service jurisdiction on certain specified
subsections of section 1030. The current amendment would return full
jurisdiction to the Secret Service and would allow the Justice and
Treasury Departments to decide on the appropriate work-sharing balance
between the two.
Elimination of Mandatory Minimum Sentence for Certain Violations of
Computer Fraud and Abuse Act: Currently, a directive to the Sentencing
Commission requires that all violations, including misdemeanor
violations, of certain provisions of the Computer Fraud and Abuse Act
be punished with a term of imprisonment of at least six months. The
bill would change this directive to the Sentencing Commission so that
no such mandatory minimum would be required.
Additional Criminal Forfeiture Provisions: The bill adds a criminal
forfeiture provision to the Computer Fraud and Abuse Act, requiring
forfeiture of physical property used in or to facilitate the offense as
well as property derived from proceeds of the offense. It also
supplements the current forfeiture provision in 18 U.S.C. 2318, which
prohibits trafficking in, among other things, counterfeit computer
program documentation and packaging, to require the forfeiture of
replicators and other devices used in the production of such
counterfeit items.
Pen Registers and Trap and Trace Devices: The bill makes it easier
for law enforcement to use these investigative techniques in the area
of cybercrime, and institutes corresponding privacy protections. On the
law enforcement side, the bill gives nationwide effect to pen register
and trap and trace orders obtained by Government attorneys, thus
obviating the need to obtain identical orders in multiple federal
jurisdictions. It also clarifies that such devices can be used on all
electronic communication lines, not just telephone lines. On the
privacy side, the bill provides for greater judicial review of
applications for pen registers and trap and trace devices and
institutes a minimization requirement for the use of such devices. The
bill also amends the reporting requirements for applications for such
devices by specifying the information to be reported.
Denial of Service Investigations: Currently, a person whose computer
is accessed by a hacker as a means for the hacker to reach a third
computer cannot simply consent to law enforcement monitoring of his
computer. Instead, because this person is not technically a party to
the communication, law enforcement needs wiretap authorization under
Title III to conduct such monitoring. The bill will close this loophole
by explicitly permitting such monitoring without a wiretap if prior
consent is obtained from the person whose computer is being hacked
through and used to send ``harmful interference to a lawfully operating
computer system.''
Encryption Reporting: The bill directs the Attorney General to report
the number of wiretap orders in which encryption was encountered and
whether such encryption precluded law enforcement from obtaining the
plaintext of intercepted communications.
State and Local Computer Crime Enforcement: The bill directs the
Office of Federal Programs to make grants to assist State and local law
enforcement in the investigation and prosecution of computer crime.
Legislation must be balanced to protect our privacy and other
constitutional rights. I am a strong proponent
[[Page S2740]]
of the Internet and a defender of our constitutional rights to speak
freely and to keep private our confidential affairs from either private
sector snoops or unreasonable government searches. These principles can
be respected at the same time we hold accountable those malicious
mischief makers and digital graffiti sprayers, who use computers to
damage or destroy the property of others. I have seen Congress react
reflexively in the past to address concerns over anti-social behavior
on the Internet with legislative proposals that would do more harm than
good. A good example of this is the Communications Decency Act, which
the Supreme Court declared unconstitutional. We must make sure that our
legislative efforts are precisely targeted on stopping destructive acts
and that we avoid scattershot proposals that would threaten, rather
than foster, electronic commerce and sacrifice, rather than promote,
our constitutional rights.
Technology has ushered in a new age filled with unlimited potential
for commerce and communications. But the Internet age has also ushered
in new challenges for federal, state and local law enforcement
officials. Congress and the Administration need to work together to
meet these new challenges while preserving the benefits of our new era.
The legislation I offer today is a step in that direction.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the bill was ordered to be printed in the
Record, as follows:
S. 2430
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Internet Security Act of
2000''.
SEC. 2. AMENDMENTS TO THE COMPUTER FRAUD AND ABUSE ACT.
Section 1030 of title 18, United States Code, is amended--
(1) in subsection (a)--
(A) in paragraph (5)--
(i) by inserting ``(i)'' after ``(A)'' and redesignating
subparagraphs (B) and (C) as clauses (ii) and (iii),
respectively;
(ii) in subparagraph (A)(iii), as redesignated, by adding
``and'' at the end; and
(iii) by adding at the end the following:
``(B) the conduct described in clause (i), (ii), or (iii)
of subparagraph (A)--
``(i) caused loss aggregating at least $5,000 in value
during a 1-year period to 1 or more individuals;
``(ii) modified or impaired, or potentially modified or
impaired, the medical examination, diagnosis, treatment, or
care of 1 or more individuals;
``(iii) caused physical injury to any person; or
``(iv) threatened public health or safety;''; and
(B) in paragraph (6), by adding ``or'' at the end;
(2) in subsection (c)--
(A) in paragraph (2)--
(i) in subparagraph (A), by striking ``and'' at the end;
and
(ii) in subparagraph (B), by inserting ``or an attempted
offense'' after ``in the case of an offense''; and
(B) by adding at the end the following:
``(4) forfeiture to the United States in accordance with
subsection (i) of the interest of the offender in--
``(A) any personal property used or intended to be used to
commit or to facilitate the commission of the offense; and
``(B) any property, real or personal, that constitutes or
that is derived from proceeds traceable to any violation of
this section.'';
(3) in subsection (d)--
(A) by striking ``subsections (a)(2)(A), (a)(2)(B), (a)(3),
(a)(4), (a)(5), and (a)(6) of''; and
(B) by striking ``which shall be entered into by'' and
inserting ``between'';
(4) in subsection (e)--
(A) in paragraph (2)(B), by inserting ``, including
computers located outside the United States'' before the
semicolon;
(B) in paragraph (4), by striking the period at the end and
inserting a semicolon;
(C) in paragraph (7), by striking ``and'' at the end;
(D) in paragraph (8), by striking ``, that'' and all that
follows through ``; and'' and inserting a semicolon;
(E) in paragraph (9), by striking the period at the end and
inserting ``; and''; and
(F) by adding at the end the following:
``(10) the term `loss' includes--
``(A) the reasonable costs to any victim of--
``(i) responding to the offense;
``(ii) conducting a damage assessment; and
``(iii) restoring the system and data to their condition
prior to the offense; and
``(B) any lost revenue or costs incurred by the victim as a
result of interruption of service.'';
(5) in subsection (g), by striking ``Damages for violations
involving damage as defined in subsection (c)(8)(A)'' and
inserting ``losses specified in subsection (a)(5)(B)(i)'';
and
(6) by adding at the end the following:
``(i) Provisions Governing Forfeiture.--Property subject to
forfeiture under this section, any seizure and disposition
thereof, and any administrative or judicial proceeding in
relation thereto, shall be governed by subsection (c) and
subsections (e) through (p) of section 413 of the
Comprehensive Drug Abuse Prevention and Control Act of 1970
(21 U.S.C. 853).''.
SEC. 3. SENSE OF CONGRESS.
It is the sense of Congress that--
(1) acts that damage or attempt to damage computers used in
the delivery of critical infrastructure services such as
telecommunications, energy, transportation, banking and
financial services, and emergency and government services
pose a serious threat to public health and safety and cause
or have the potential to cause losses to victims that include
costs of responding to offenses, conducting damage
assessments, and restoring systems and data to their
condition prior to the offense, as well as lost revenue and
costs incurred as a result of interruptions of service; and
(2) the Federal Government should have jurisdiction to
investigate acts affecting protected computers, as defined in
section 1030(e)(2)(B) of title 18, United States Code, as
amended by this Act, even if the effects of such acts occur
wholly outside the United States, as in such instances a
sufficient Federal nexus is conferred through the
interconnected and interdependent nature of computers used in
interstate or foreign commerce or communication.
SEC. 4. MODIFICATION OF SENTENCING COMMISSION DIRECTIVE.
Pursuant to its authority under section 994(p) of title 28,
United States Code, the United States Sentencing Commission
shall amend the Federal sentencing guidelines to ensure that
any individual convicted of a violation of paragraph (4) or
(5) of section 1030(a) of title 18, United States Code, can
be subjected to appropriate penalties, without regard to any
mandatory minimum term of imprisonment.
SEC. 5. FORFEITURE OF DEVICES USED IN COMPUTER SOFTWARE
COUNTERFEITING.
Section 2318(d) of title 18, United States Code, is amended
by--
(1) inserting ``(1)'' before ``When'';
(2) inserting ``, and any replicator or other device or
thing used to copy or produce the computer program or other
item to which the counterfeit label was affixed, or was
intended to be affixed'' before the period; and
(3) by adding at the end the following:
``(2) The forfeiture of property under this section,
including any seizure and disposition of the property, and
any related judicial or administrative proceeding, shall be
governed by the provisions of section 413 (other than
subsection (d) of that section) of the Comprehensive Drug
Abuse Prevention and Control Act of 1970 (21 U.S.C. 853).''.
SEC. 6. CONFORMING AMENDMENT.
Section 492 of title 18, United States Code, is amended by
striking ``or 1720,'' and inserting ``, 1720, or 2318''.
SEC. 7. PEN REGISTERS AND TRAP AND TRACE DEVICES.
Section 3123 of title 18, United States Code is amended--
(1) by striking subsection (a) and inserting the following:
``(a) Issuance of Order.--
``(1) Requests from attorneys for the government.--Upon an
application made under section 3122(a)(1), the court may
enter an ex parte order authorizing the installation and use
of a pen register or a trap and trace device if the court
finds, based on the certification by the attorney for the
Government, that the information likely to be obtained by
such installation and use is relevant to an ongoing criminal
investigation. Such order shall apply to any entity providing
wire or electronic communication service in the United States
whose assistance is necessary to effectuate the order.
``(2) Requests from state investigative or law enforcement
officers.--Upon an application made under section 3122(a)(2),
the court may enter an ex parte order authorizing the
installation and use of a pen register or a trap and trace
device within the jurisdiction of the court, if the court
finds, based on the certification by the State law
enforcement or investigative officer, that the information
likely to be obtained by such installation and use is
relevant to an ongoing criminal investigation.''; and
(2) in subsection (b)--
(A) in paragraph (1)--
(i) in subparagraph (C), by inserting ``authorized under
subsection (a)(2)'' after ``in the case of a trap and trace
device''; and
(ii) in subparagraph (D), by striking ``and'' at the end;
(B) in paragraph (2), by striking the period at the end and
inserting ``; and''; and
(C) by adding at the end the following:
``(3) shall direct that the use of the pen register or trap
and trace device be conducted in such a way as to minimize
the recording or decoding of any electronic or other impulses
that are not related to the dialing and signaling information
utilized in processing by the service provider upon whom the
order is served.''.
SEC. 8. TECHNICAL AMENDMENTS TO PEN REGISTER AND TRAP AND
TRACE PROVISIONS.
(a) Issuance of an Order.--Section 3123 of title 18, United
States Code, is amended--
(1) by inserting ``or other facility'' after ``line'' each
place that term appears;
[[Page S2741]]
(2) by inserting ``or applied'' after ``attached'' each
place that term appears;
(3) in subsection (b)(1)(C), by inserting ``or other
identifier'' after ``the number''; and
(4) in subsection (d)(2), by striking ``who has been
ordered by the court'' and inserting ``who is obligated by
the order''.
(b) Definitions.--Section 3127 of title 18, United States
Code is amended--
(1) by striking paragraph (3) and inserting the following:
``(3) the term `pen register'--
``(A) means a device or process that records or decodes
electronic or other impulses that identify the telephone
numbers or electronic address dialed or otherwise transmitted
by an instrument or facility from which a wire or electronic
communication is transmitted and used for purposes of
identifying the destination or termination of such
communication by the service provider upon which the order is
served; and
``(B) does not include any device or process used by a
provider or customer of a wire or electronic communication
service for billing, or recording as an incident to billing,
for communications services provided by such provider or any
device or process by a provider or customer of a wire
communication service for cost accounting or other like
purposes in the ordinary course of its business;''; and
(2) in paragraph (4)--
(A) by inserting ``or process'' after ``means a device'';
(B) by inserting ``or other identifier'' after ``number'';
and
(C) by striking ``or device'' and inserting ``or other
facility''.
SEC. 9. PEN REGISTER AND TRAP AND TRACE REPORTS.
Section 3126 of title 18, United States Code, is amended by
inserting before the period at the end the following: ``,
which report shall include information concerning--
``(1) the period of interceptions authorized by the order,
and the number and duration of any extensions of the order;
``(2) the offense specified in the order or application, or
extension of an order;
``(3) the number of investigations involved;
``(4) the number and nature of the facilities affected; and
``(5) the identity, including district, of the applying
investigative or law enforcement agency making the
application and the person authorizing the order''.
SEC. 10. ENHANCED DENIAL OF SERVICE INVESTIGATIONS.
Section 2511(2)(c) of title 18, United States Code, is
amended to read as follows:
``(c)(i) It shall not be unlawful under this chapter for a
person acting under color of law to intercept a wire, oral,
or electronic communication, if such person is a party to the
communication or 1 of the parties to the communication has
given prior consent to such interception.
``(ii) It shall not be unlawful under this chapter for a
person acting under color of law to intercept a wire or
electronic communication, if--
``(I) the transmission of the wire or electronic
communication is causing harmful interference to a lawfully
operating computer system;
``(II) any person who is not a provider of service to the
public and who is authorized to use the facility from which
the wire or electronic communication is to be intercepted has
given prior consent to the interception; and
``(III) the interception is conducted only to the extent
necessary to identify the source of the harmful interference
described in subclause (I).''.
SEC. 11. ENCRYPTION REPORTING REQUIREMENTS.
Section 2519(2)(b) of title 18, United States Code, is
amended by striking ``and (iv)'' and inserting ``(iv) the
number of orders in which encryption was encountered and
whether such encryption prevented law enforcement from
obtaining the plain text of communications intercepted
pursuant to such order, and (v)''.
SEC. 12. STATE AND LOCAL COMPUTER CRIME ENFORCEMENT.
(a) In General.--Subject to the availability of amounts
provided in advance in appropriations Acts, the Assistant
Attorney General for the Office of Justice Programs of the
Department of Justice shall make a grant to each State, which
shall be used by the State, in conjunction with units of
local government, State and local courts, other States, or
combinations thereof, to--
(1) assist State and local law enforcement in enforcing
State and local criminal laws relating to computer crime;
(2) assist State and local law enforcement in educating the
public to prevent and identify computer crime;
(3) assist in educating and training State and local law
enforcement officers and prosecutors to conduct
investigations and forensic analyses of evidence and
prosecutions of computer crime;
(4) assist State and local law enforcement officers and
prosecutors in acquiring computer and other equipment to
conduct investigations and forensic analysis of evidence of
computer crimes; and
(5) facilitate and promote the sharing of Federal law
enforcement expertise and information about the
investigation, analysis, and prosecution of computer crimes
with State and local law enforcement officers and
prosecutors, including the use of multijurisdictional task
forces.
(b) Use of Grant Amounts.--Grants under this section may be
used to establish and develop programs to--
(1) assist State and local law enforcement agencies in
enforcing State and local criminal laws relating to computer
crime;
(2) assist State and local law enforcement agencies in
educating the public to prevent and identify computer crime;
(3) educate and train State and local law enforcement
officers and prosecutors to conduct investigations and
forensic analyses of evidence and prosecutions of computer
crime;
(4) assist State and local law enforcement officers and
prosecutors in acquiring computer and other equipment to
conduct investigations and forensic analysis of evidence of
computer crimes; and
(5) facilitate and promote the sharing of Federal law
enforcement expertise and information about the
investigation, analysis, and prosecution of computer crimes
with State and local law enforcement officers and
prosecutors, including the use of multijurisdictional task
forces.
(c) Assurances.--To be eligible to receive a grant under
this section, a State shall provide assurances to the
Attorney General that the State--
(1) has in effect laws that penalize computer crime, such
as penal laws prohibiting--
(A) fraudulent schemes executed by means of a computer
system or network;
(B) the unlawful damaging, destroying, altering, deleting,
removing of computer software, or data contained in a
computer, computer system, computer program, or computer
network; or
(C) the unlawful interference with the operation of or
denial of access to a computer, computer program, computer
system, or computer network;
(2) an assessment of the State and local resource needs,
including criminal justice resources being devoted to the
investigation and enforcement of computer crime laws; and
(3) a plan for coordinating the programs funded under this
section with other federally funded technical assistant and
training programs, including directly funded local programs
such as the Local Law Enforcement Block Grant program
(described under the heading ``Violent Crime Reduction
Programs, State and Local Law Enforcement Assistance'' of the
Departments of Commerce, Justice, and State, the Judiciary,
and Related Agencies Appropriations Act, 1998 (Public Law
105-119)).
(d) Matching Funds.--The Federal share of a grant received
under this section may not exceed 90 percent of the total
cost of a program or proposal funded under this section
unless the Attorney General waives, wholly or in part, the
requirements of this subsection.
(e) Authorization of Appropriations.--
(1) In general.--There is authorized to be appropriated to
carry out this section $25,000,000 for each of fiscal years
2000 through 2003.
(2) Limitations.--Of the amount made available to carry out
this section in any fiscal year not more than 3 percent may
be used by the Attorney General for salaries and
administrative expenses.
(3) Minimum amount.--Unless all eligible applications
submitted by any State or units of local government within a
State for a grant under this section have been funded, the
State, together with grantees within the State (other than
Indian tribes), shall be allocated in each fiscal year under
this section not less than 0.75 percent of the total amount
appropriated in the fiscal year for grants pursuant to this
section, except that the United States Virgin Islands,
American Samoa, Guam, and the Northern Mariana Islands each
shall be allocated 0.25 percent.
(f) Grants to Indian Tribes.--Notwithstanding any other
provision of this section, the Attorney General may use
amounts made available under this section to make grants to
Indian tribes for use in accordance with this section.
______